What is Host ID?
Host ID is a smart and powerful tracking tool that the Vectra AI Platform uses to track any host we see in your network, regardless of the IP address. Even if a host changes basic foundational concepts within itself, we can still clearly track it by leveraging a number of artifacts across the platform. In short, Host ID allows us to track and attribute suspicious activity across threat surfaces and IP addresses to a specific host.
How does Host ID work?
With its ability to connect behavior from multiple IP addresses, Host ID makes it so much easier for the analyst to see and track a host even if it has taken steps to avoid detection. We track activity using our behavioral detections, which aren’t based on arbitrary IP addresses, but rather, on the specific activity of one host. Regardless of its use at different IP addresses or even in different time periods, our behavioral detections let us identify activity for what it really is. This provides us with an entity-centric view of what may appear to be unrelated and harmless activities across different surfaces and contextualizes them to see the true intent behind the activity.
What does Host ID mean for security teams?
With Host ID, you have complete coverage, clarity, and control over what cyber attackers are doing, despite their efforts to remain undetected. That means that when you come in to work, you know exactly what’s happening. In the event that you need to respond to an attack, you can respond to the specific host that’s involved in the attack. Furthermore, it means you can respond to any host that’s involved in suspicious activity yesterday, today, or tomorrow, with any future activity automatically flagged. Put simply, Host ID takes the guesswork out of host threat detection and response and puts your team in control.
Watch the full prodcast to learn more about Vectra AI’s Host ID.